netmgrd: fix denials observed during call bringup

Fix the following denials observed when trying to bring up a
data call.

Allow netmgrd to launch programs on shell

[  207.983674] type=1400 audit(1413464258.877:2646): avc: denied
{ execute } for pid=3153 comm="netmgrd" name="sh" dev="mmcblk0p14"
ino=492 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0
[   30.392603] type=1400 audit(1878.399:627): avc: denied { read open }
for pid=1814 comm="netmgrd" path="/system/bin/sh" dev="mmcblk0p14"
ino=490 scontext=u:r:netmgrd:s0 tcontext=u:object_r:shell_exec:s0
tclass=file permissive=0

Allow netmgrd to configure the DNS and GW related android properties

[   64.911773] Boot completed avc:  denied  { set } for
property=net.rmnet_data0.dns1 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[  228.126745] avc:  denied  { set } for
property=net.rmnet_data0.dns2 scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service
[  228.133928] avc:  denied  { set } for
property=net.rmnet_data0.gw scontext=u:r:netmgrd:s0
tcontext=u:object_r:net_radio_prop:s0 tclass=property_service

Allow netmgrd to determine target using esoc APIs

[   30.354990] type=1400 audit(1878.369:625): avc: denied { search }
for pid=755 comm="netmgrd" name="esoc" dev="sysfs" ino=7642
scontext=u:r:netmgrd:s0 tcontext=u:object_r:sysfs_esoc:s0 tclass=dir
permissive=0

Allow netmgrd to set capabilities

[   30.401939] type=1400 audit(1878.409:669): avc: denied { setpcap }
for pid=755 comm="netmgrd" capability=8 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=capability permissive=0

CRs-Fixed: 740553
Change-Id: I33655ee5602472e0232b9b2b8e7f3248266b9bbd
1 file changed